Icinga 2 auf dem RaspberryPi 2/3 installieren

Generell kann ich das Buch Icinga 2 (ix Edition): Ein praktischer Einstieg ins Monitoring zum Einstieg in Icinga 2 sehr empfehlen.

Grundinstallation Raspbian

(http://docs.icinga.org/icinga2/latest/doc/module/icinga2/chapter/getting-started#getting-started)

  1. Download RASPBIAN JESSIE LITE
    https://www.raspberrypi.org/downloads/raspbian/
  2. Auf SD-Karte installieren mit Win32DiskImager
  3. SD-Karte in RaspberryPi einsetzen und booten
  4. Mit Putty verbinden zum RaspberryPi
  5. Einloggen mit Login: pi Passwort: raspberry
  6. Raspberry Konfigurieren mit “sudo raspi-config”
    1. Expand Filesystem
    2. Internationalisation Options
      1. Change Localede@utf-8
      2. Change Timezone Europe/Berlin
      3. Change Keyboard Layout
      4. Change Wi-fi Country
    3. reboot
  7. Root account mit neuem Passwort versehen
    $ sudo passwd root
  8. Root-Login per ssh erlauben
    $ nano -w /etc/ssh/sshd_config
    
    #PermitRootLogin without-password
    PermitRootLogin yes
    
    
  9. Aktuelle Updates einspielen
    # sudo apt-get update && sudo apt-get dist-upgrade
  10. Netzwerk konfigurieren
    # vim /etc/network/interfaces
    
    allow-hotplug eth0
    iface eth0 inet static
     address 192.168.11.100
     netmask 255.255.255.0
     gateway 192.168.11.1
     dns-domain example.com
     dns-nameservers 192.168.11.1
  11. Diverse kleinere Tools
    # apt-get install mc htop unzip
  12. reboot

Grundinstallation Icinga 2

Icinga 2 Core

# sudo -s 
# wget -O - https://debmon.org/debmon/repo.key 2>/dev/null | apt-key add -
# echo 'deb http://debmon.org/debmon debmon-jessie main' >/etc/apt/sources.list.d/debmon.list
# apt-get update
# apt-get install icinga2
# icinga2 feature list
Disabled features: api command compatlog debuglog graphite icingastatus ido-mysql ido-pgsql livestatus notification perfdata statusdata syslog
Enabled features: checker mainlog notification
# icinga2 feature enable api command compatlog livestatus perfdata statusdata

By default Icinga 2 uses the following files and directories:

PATH DESCRIPTION
/etc/icinga2 Contains Icinga 2 configuration files.
/etc/init.d/icinga2 The Icinga 2 init script.
/usr/sbin/icinga2 The Icinga 2 binary.
/usr/share/doc/icinga2 Documentation files that come with Icinga 2.
/usr/share/icinga2/include The Icinga Template Library and plugin command configuration.
/var/run/icinga2 PID file.
/var/run/icinga2/cmd Command pipe and Livestatus socket.
/var/cache/icinga2 status.dat/objects.cache, icinga2.debug files
/var/spool/icinga2 Used for performance data spool files.
/var/lib/icinga2 Icinga 2 state file, cluster log, local CA and configuration files.
/var/log/icinga2 Log file location and compat/ directory for the CompatLogger feature.

Syntax Highlighting

$ apt-get install vim-icinga2 vim-addon-manager
$ vim-addon-manager -w install icinga2
Info: installing removed addon 'icinga2' to /var/lib/vim/addons
$ vim ~/.vimrc
syntax on
$ cp /etc/nanorc ~/.nanorc
$ vim ~/.nanorc

## Icinga 2
include "/usr/share/nano/icinga2.nanorc"

Icinga Plugins (wurden bei Debian bereits installiert)

# apt-get install nagios-plugins

IDOdb

# apt-get install mysql-server mysql-client
# apt-get install icinga2-ido-mysql
# mysql -u root -p

CREATE DATABASE icinga;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost' IDENTIFIED BY 'icinga';
quit
# mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql
# icinga2 feature enable ido-mysql
Module 'ido-mysql' was enabled.
Make sure to restart Icinga 2 for these changes to take effect.
# vim /etc/icinga2/features-available/ido-mysql.conf

/**
 * The db_ido_mysql library implements IDO functionality
 * for MySQL.
 */

library "db_ido_mysql"

object IdoMysqlConnection "ido-mysql" {
 user = "icinga",
 password = "icinga",
 host = "localhost",
 database = "icinga"
}

# service icinga2 restart

Webserver (Apache)

# apt-get install apache2
# usermod -a -G nagios www-data

Icinga Classic-UI

# apt-get install icinga2-classicui
# a2enconf icinga2-classicui
# service apache2 restart

Finally visit Icinga Classic UI in your browser to access it: /icinga2-classicui

IcingaWeb2

# wget -O - http://packages.icinga.org/icinga.key | apt-key add -
# echo 'deb http://packages.icinga.org/debian icinga-jessie main' >/etc/apt/sources.list.d/icinga.list
# apt-get update
# apt-get install icingaweb2
# sudo mysql -p

CREATE DATABASE icingaweb2;
GRANT SELECT, INSERT, UPDATE, DELETE, DROP, CREATE VIEW, INDEX, EXECUTE ON icingaweb2.* TO 'icingaweb2'@'localhost' IDENTIFIED BY 'icingaweb2';
quit

# mysql -p icingaweb2 < /usr/share/icingaweb2/etc/schema/mysql.schema.sql
# mysql -p icingaweb2

INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('icingaadmin', 1, '$1$EzxLOFDr$giVx3bGhVm4lDUAw6srGX1');
quit
# addgroup --system icingaweb2
# usermod -a -G icingaweb2 www-data 
# a2enconf icingaweb2
# icingacli setup token create
# icingacli setup token show
# apt-get install php5-intl php5-imagick
# vim /etc/php5/apache2/php.ini

date.timezone = Europe/Berlin
# vim /etc/php5/cli/php.ini

date.timezone = Europe/Berlin
# service apache2 restart

Finally visit Icinga Web 2 in your browser to access the setup wizard and complete the installation: /icingaweb2/setup

Icinga Web 2 Manual Configuration

resources.ini providing the details for the Icinga Web 2 and Icinga 2 IDO database configuration. Example for MySQL:

# vim /etc/icingaweb2/resources.ini

[icingaweb2]
type                = "db"
db                  = "mysql"
host                = "localhost"
port                = "3306"
dbname              = "icingaweb2"
username            = "icingaweb2"
password            = "icingaweb2"


[icinga2]
type                = "db"
db                  = "mysql"
host                = "localhost"
port                = "3306"
dbname              = "icinga"
username            = "icinga"
password            = "icinga"

config.ini defining general application settings.

# vim /etc/icingaweb2/config.ini

[logging]
log                 = "syslog"
level               = "ERROR"
application         = "icingaweb2"


[preferences]
type                = "db"
resource            = "icingaweb2"

authentication.ini for e.g. using the previously created database.

# vim /etc/icingaweb2/authentication.ini

[icingaweb2]
backend             = "db"
resource            = "icingaweb2"

roles.ini granting the previously added icingaadmin user all permissions.

# vim /etc/icingaweb2/roles.ini

[admins]
users               = "icingaadmin"
permissions         = "*"

Icinga Web 2 Manual Configuration Monitoring Module

config.ini defining additional security settings.

# mkdir /etc/icingaweb2/modules/monitoring
# vim /etc/icingaweb2/modules/monitoring/config.ini

[security]
protected_customvars = "*pw*,*pass*,community"

backends.ini referencing the Icinga 2 DB IDO resource.

# vim /etc/icingaweb2/modules/monitoring/backends.ini

[icinga2]
type                = "ido"
resource            = "icinga2"

commandtransports.ini defining the Icinga command pipe.

# vim /etc/icingaweb2/modules/monitoring/commandtransports.ini

[icinga2]
transport           = "local"
path                = "/var/run/icinga2/cmd/icinga2.cmd"

Icinga Web 2 Manual Setup Login

Finally visit Icinga Web 2 in your browser to login as icingaadmin user: /icingaweb2.
Default PW is icingaadmin

Icinga Director

# apt-get install php5-curl
# service apache2 restart
# mysql -p

CREATE DATABASE director CHARACTER SET 'utf8';
GRANT ALL ON director.* TO director@localhost IDENTIFIED BY 'director';
quit;
# vim /etc/icingaweb2/resources.ini

[Director DB]
type = "db"
db = "mysql"
host = "localhost"
dbname = "director"
username = "director"
password = "director"
charset = "utf8"
# cd /usr/share/icingaweb2/modules/
# wget https://github.com/Icinga/icingaweb2-module-director/archive/master.zip
# unzip master.zip
# mv icingaweb2-module-director-master director
# rm -r master.zip
# mkdir /etc/icingaweb2/modules/director
# vim /etc/icingaweb2/modules/director/config.ini

[db]
resource = "Director DB"
# icinga2 api setup
# vim /etc/icinga2/conf.d/api-users.conf

object ApiUser "director" {
 password = "director"
 //client_cn = ""

 permissions = [ "*" ]
}
# service icinga2 restart
# icingacli director migration run --verbose

Weitergehende Links zum Director: